package com.idp.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

/**
 * @Author JTR -H
 * @Address BS_221
 * @Created_Date 2021/7/27 - 14:59
 */
@Configuration
@EnableWebSecurity
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * SpringSecurity 自定义 user 和 pwd
     */

    @Autowired
    @Qualifier("myUserDetailsService")
    private UserDetailsService myUserDetailsService;

    @Autowired
    @Qualifier("getEncoder")
    BCryptPasswordEncoder encoder;

    /**
     * 使得自定义登录service: myUserDetailsService 生效
     */
    @Override
    protected void configure(AuthenticationManagerBuilder amb) throws Exception {
        amb.userDetailsService(myUserDetailsService).passwordEncoder(encoder);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.exceptionHandling().accessDeniedPage("/error/403");
        http
                .formLogin()                        // 转向到自己写的登录页面
                .loginPage("/login")                // 登录页面设置
                .permitAll()                        // 任何人都能访问
                .defaultSuccessUrl("/modelSelection")
                .failureUrl("/login?error=true").permitAll()
                .and()
                .logout().logoutSuccessUrl("/")

                .and()
                .authorizeRequests()    // 请求授权
                .antMatchers(
                        "/", "/favicon.ico", "/*.css", "/*.js", "/*.png", "/public/images/*.jpg", "/api/**"
                )  // 无需认证的路径
                .permitAll()            // 指定路径任何人都能访问
                .antMatchers("**/yellow/**")
                .hasAnyAuthority("yellow", "admin") // 指定路径需要"yellow"权限
                .anyRequest()
                .authenticated()        // 除了上面的请求,其他请求全部都要认证

                .and()
                .rememberMe()           // 记住我
                .tokenValiditySeconds(7 * 24 * 60 * 60) // 默认两周

                .and().csrf().disable() // 关闭csrf防护
        ;
    }

    @Bean
    public BCryptPasswordEncoder getEncoder() {
        return new BCryptPasswordEncoder();
    }
}


/*
 ******************************************************
 *    Eliminate all impossible,                       *
 *    remain that although or else can be thought of, *
 *    discuss,                                        *
 *    that also is a fact.                            *
 ******************************************************
 */
